Cisco PIX Firewalls: configure / manage / troubleshoot Review
If it sounds familiar, that's because Cisco PIX Firewalls: Configure, Manage, & Troubleshoot updates a prior popular edition for Cisco PIX version 7.0, providing the same popular format along with new chapters on how to migrate to 7.0 with minimum hassle. From application inspection function charts and access control lists for ASA uses to configuring a virtual HTTP and adding solutions to common problems, Cisco PIX Firewalls may be used as either a classroom text or a PIX work reference.
Cisco PIX Firewalls: configure / manage / troubleshoot Overview
Umer Khan's first book, "Cisco Security Specialist's Guide to PIX Firewalls," ISBN: 1931836639, has consistently maintained its spot as the #1 best-selling PIX book on amazon.com by providing readers with a clear, comprehensive, and independent introduction to PIX Firewall configuration. With the market for PIX Firewalls maintaining double digit growth and several major enhancements to both the PIX Firewall and VPN Client product lines, this book will have enormous appeal with the audience already familiar with his first book.
* The Cisco Pix firewall is the #1 market leading firewall, owning 43% market share. Cisco is poised to release the newest, completely re-designed version 7 of the Pix operating system in the first quarter of 2004.
* "Cisco Pix Firewalls: configure | manage | troubleshoot" Covers all objectives on the new Cisco Pix certification exam, making this book the perfect study guide in addition to professional reference.
* Umer Khan's first book "Cisco Security Specialist's Guide to PIX Firewall" has been the #1 market leading Cisco Pix book since it was published in 2002.
Related Products
Customer Reviews
Not a great book - brackmr -
I bought the book to learn about the Cisco Pix 515E but, there is very little to do with the PIX 515 EIn this book.
Good Reference book - Paul A. Hoffman - OKC
This is a good reference book if you are using version 7 or below of the Pix firewall. Most of the syntax is geared for v7. There are a few slight deferences in v6.3 command syntax that aren't covered. IE generating keys for ssh use.
Overall the book seems to cover all the basics and the more advanced topics like failover configurations and firewall contexts (virtual firewalls).
It should serve well as a Pix certification resource although I haven't used it as such.
Tons of mistakes - Dan Atkinson - Atlanta, GA
This book is full of errors and mistakes. Most of these occur in the examples of commands. For example, at the bottom of page 131 the author explains how to use the "static" command to create a NAT mapping between an internal server and a server on the DMZ. Here is what it says....
The following configuration translates the real IP address of the internal database server (192.168.1.10) to an address accessible by the DMZ Web server (172.16.1.10):
PIX1(config)# static (inside, dmz) 10.1.1.10 172.168.1.10 netmask 255.255.255.255 0 0
What??? Look at the IP's used in the command. Completely different than what the author just described. These are the kind of mistakes this book is full of. I can overlook one or two, but I'm about 25% through the book and have encountered about 8 of these.
Poor production quality, but some useful info. - jose_monkey_org - ann arbor, mi, USA
Anyone who has ever deployed a network and talked to a Cisco sales representative is probably familiar with the PIX device. Anyone who has ever used one knows that there are hundreds of commands and combinations available to them, and it's easy to get lost. A book like Cisco PIX Firewalls by Charles Riley, Umer Khan, Michael Sweeney, along with Thorsten Behrens, Brian Browne, Daniel Klingerman, and Ido Dubrawsky can help you navigate this powerful feature set.
While the Cisco PIX product, which actually refers to a device product line and its associated operating system, isn't open source, there is a full set of documentation available on the Cisco web site. You can look up commands and even many common tasks which can help you achieve your goal. So, a big question in my review of this book is "Does Cisco PIX Firewalls offer substantially more than these freely available documents?"
The book is not divided into any major sections, but follows a simple path. Provide an overview of the product, some of the basic functionality, and then move on to a task based approach of solutions. These include failover, VPN, IPv6, content inspection, and management with the newly designed ASDM product. This organization works pretty well.
A generic overview of security, security policy, and how firewalls play a role in that is covered in Chapter 1. The overview is very brief, and the authors seem to have included it for completeness only. If you're looking at a book on the PIX firewall, chances are you're familiar with what a firewall does in part. My only big complaint about this chapter is that some of the figures on NAT and PAT are confusing because they use RFC1918 address space (private address space) on both sides of the device. When they talk about how this is used internally and then use it externally, it gets confusing to remember which network is which. Sadly, this network structure continues into other chapters, perpetuating the confusion.
In chapter 2 you get an overview of the PIX software and hardware lines. Sadly, this chapter is a bit muddled. While the overview itself covers all the right bases, at times some additional material would have been helpful. Supplementing text descriptions with a simple picture would be nice, so that people could know at a glace which device they're looking at (ie a PIX 506E vs a 525). A software and hardware matrix would have been helpful, too, to reduce the confusion you get with Cisco's myriad of configurations. In several places, the one letter abbreviations from the output is not explained, including the firewall states and routing output. And finally, this appears to be common in this book, there's an inconsistency in bolding which text is input and which is output. The "bold is input, normal is output" convention is not always obeyed. These may sound like nits, but consistency helps with clarity, and at times the material is muddled.
Overall, there are some real strengths in the book, and a few weaknesses as well. One example of a real gem is the case study in chapter 3, showing a featured network and the associated PIX configuration. This lets you see how you would outline your goals and then achieve them using the PIX feature set and commands. This example was well written and useful. The breakdown of commands as new, existing, or deprecated is also quite useful given that the book covers a major new release, 7.0. The coverage of the new ASDM feature, which provides a GUI management interface to the PIX software, is pretty good. With that chapter, and chapter 9 covering management, you should be up and running in no time at all. The same goes for the new content inspection feature, covered in chapter 5. While it's brief, it contains a lot of useful information that you'll need to enable features. What's missing from that, though, is any serious overview of the problems the prior version of the feature, the 'fixup' command, caused in the past and if the new inspection feature suffers those same problems. Finally, the chapters on virtual private networking and failover are succinct but enough to get you started with a basic running configuration.
Sometimes there are real stinkers, though. Some of the formatting makes getting information out of the output difficult. Word wrap and oddities really detract from the quality of the material in those places. Many of the figures can be unclear due to the quantity of information they try and present. Here, two figures may have been useful instead of one fully packed figure. The book has a few errors in it, too, which may have been the result of a speedy printing cycle. Figure 2.3, for example, shows an incorrect TCP header. I suspect many of the errors, inconsistencies and other problems in it are due to two reasons. First, the publisher wanted to get this book out quickly to match the release of PIX 7.0 as closely as possible. Secondly, the number of contributing authors (6 authors and a technical editor) made a cohesive writing style and their edits difficult to choreograph completely.
Overall, Cisco PIX Firewalls has some value to it, covering new PIX 7.0 features clearly and skillfully. Unfortunately, it suffers from some production problems and errors which weaken it's strength and rating. Syngress also has four eBooks available with this book, one of which covers PIX migrations with earlier versions. While this wont replace the official Cisco documentation, it augments it nicely and, for some of the features covered, surpasses the Cisco documentation. If you're looking at deploying a Cisco PIX soon or upgrading from 6.x to 7.0, you should pick up this book.
*** Product Information and Prices Stored: Sep 02, 2010 01:19:04
